Changpeng Zhao Ensures Safe Trust Wallet After Libbitcoin Explorer Crash

Key Points:

• Changpeng Zhao highlights self-custodial wallet risks and underscores user understanding.
• Libbitcoin Explorer 3.x flaw exposes private keys to attacks via a weak PRNG.
• $900,000+ crypto was stolen, users were urged to switch wallets and enhance security measures.

Following the recent disclosure of a critical vulnerability affecting cryptocurrency wallets utilizing Libbitcoin Explorer 3.x, Binance’s founder, Changpeng Zhao, has addressed the issue.

He emphasized that while self-custodial wallets offer benefits, they aren’t devoid of risks, provided users understand their operation. The vulnerability arises from a flawed random number generator using a 32-bit seed, rendering it insufficiently random for contemporary cryptographic challenges like GPUs.

Notably, Trust Wallet and Binance Wallet avoid using this flawed generator for mnemonic generation, according to CZ.

On August 10, SlowMist reported that Distrust uncovered a severe vulnerability impacting cryptocurrency wallets reliant on Libbitcoin Explorer 3.x. This flaw permits unauthorized access to private keys by exploiting the Mersenne Twister pseudo-random number generator (PRNG), causing tangible real-world repercussions.

The vulnerability emanates from the pseudo-random number generator (PRNG) implementation within Libbitcoin Explorer version 3.x. This implementation relies on the Mersenne Twister algorithm and a mere 32-bit system time as its seed. This precarious approach enables attackers to discover a user’s private key in a matter of days through brute-force tactics.

Libbitcoin Explorer 3.x users and developers employing libbitcoin-system 3.6 to create libraries are susceptible to this vulnerability. Notable cryptocurrencies affected include Bitcoin, Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash, and Zcash.

Due to this vulnerability, malicious actors can hijack a user’s wallet, resulting in the pilferage of contained funds. As of August 2023, losses of over $900,000 have been reported as stolen crypto assets.

In response, all users employing Libbitcoin Explorer 3.x versions are strongly urged to promptly cease using compromised wallets and transfer their funds to a more secure alternative. Utilizing a proven and secure method for random number generation is imperative when crafting new wallets.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.